[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Benefits of Running TBB in a VM?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Benefits of Running TBB in a VM?
From: scarp <scarp@xxxxxxxxxx>
Date: Thu, 03 Jul 2014 04:39:50 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 03 Jul 2014 00:42:15 -0400
In-reply-to: <53B4776E.8050709@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1404320578.38195.YahooMailBasic@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <53B4776E.8050709@xxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Michael Wolf:
> On 7/2/2014 1:02 PM, Bobby Brewster wrote:
>> What are the benefits of running TBB in a VM?
>> 
>> AIUI, there are two advantages.
>> 
>> 1.	If malware infects the VM, then just the VM is compromised. If
>> your Windows/Mac/Linux system is infected, then your entire
>> system is affected (yes, I realise that it should be only the
>> user account for Linux unless you are root).
>> 
>> 2.	If your system is comprimised, your real IP cannot be
>> discerned.  For example, in my non-VM Ubuntu machine, my wlan0 IP
>> is listed as 192.168.1.50. However, on my NAT'd VirtualBox
>> Ubuntu, there is no wlan0, only eth1. This gives an IP of
>> 10.0.2.15 which is obviously not the IP assigned by my ISP.
>> 
>> Does this make sense?  Are there other benefits?  Any
>> disadvantages?  Thanks.
>> 
> #1 -- Unless the malware breaks out of the VM. [1]
> 
> #2 -- Not true.  You're assuming the malware is looking at your IP 
> address and then reporting it.  Well, it may... but the act of 
> connecting to another server to report your IP address exposes
> your actual public IP address.
> 
> BTW, 192.168.1.50 is *also* not the IP address assigned by your
> ISP, it's a local NAT address given out by your router.  If you
> could hide behind NAT, you'd already be safe :)
> 
> 
> -- Mike
> 
> 
> [1]http://www.darkreading.com/risk/hacking-tool-lets-a-vm-break-out-and-attack-its-host/d/d-id/1131254?
>
> 
Not a lot to be gained from running the TBB inside a regular VM other
than isolation of malware. If you're using Tor then I assume anonymity
means something to you.

Have a look at Whonix it is designed specifically for this kind of
usage. Additionally it isolates the Tor service in it's own VM to
provide extra network security from malware that could by-pass the Tor
service and directly access some remote location thus revealing you.

Most attacks about breaking out of a VM rely on you installing the
guest tools, so never do that.

- -- 
scarp | A4F7 25DB 2529 CB1A 605B  3CB4 5DA0 4859 0FD4 B313
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTtN6VAAoJEF2gSFkP1LMTFsYP/3tXhmN0pMRJH+HPyOPBYQtD
p6+Z51eLLp93g/ugYXy3IG83fxrBUOnAKSa5iQQB+7h1hjRv3dfDSaecH1UtrjXv
8Ojm+LYYRrIsb61gJHCp77liKXT8zNOA1tdzJARvCZDTGeYVZXogXlwckV8bpBHp
gvSZetfaiA/6UTEE+mxjoYkfMvcj9RkeoAEIGB3mAXi54NYoeHe5fGPSTHdr4iIs
QPTqhkw3cRXm9K2qFAPMmQbYuFxpWVhlsGmFJRz8+yc6ajpJftlyK+cofSN3LNbT
7+hLOIJAOji8OdWP4hG7a1E2a1OT4GdbVeo+Jo+HueRrurN2hz28Wv04FGqpCYuc
2Yd8vk9F4+ciE1+I7GFsxMnDibhMAjR9vNP2kImHqxEnO/TfU/7UgDlQuGGgEVPF
uLqak3QsGuOfY4eke5nU2A/C0EN0eBJ8Z4y+kNsN8QSoGEWUB6TwpPV0MUz/nedO
T2hHC1pCzBWFBGk1G4tVOnwElHlH/OLE+GMFUB2GBQpzrttF8XBBmyqDqvXEJcWE
cOSar4ZaS/W/Go5+3CbnDreEFC2qn9FRwgq1Rk6ZPlqpZ3h2yI3KbC7aD8cxgOA2
a+9RIgI9+/X86gcQKVJRZjZQ8ozRu1P1nlyN+7VloSUQ06O1ArFVnN6EFOVXePJx
+aX4nc8XYMRNJ9zN5pac
=zenG
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Benefits of Running TBB in a VM?
  - From: Rejo Zenger

References:
- [tor-talk] Benefits of Running TBB in a VM?
  - From: Bobby Brewster
- Re: [tor-talk] Benefits of Running TBB in a VM?
  - From: Michael Wolf

Prev by Author: [tor-talk] About Bandwidth rate, burst and observed.
Next by Author: Re: [tor-talk] Kontact/Kmail run over Tor ?
Previous by thread: Re: [tor-talk] Benefits of Running TBB in a VM?
Next by thread: Re: [tor-talk] Benefits of Running TBB in a VM?
Index(es):
- Author
- Thread